CVE-2020-3350

18.06.2020, 03:15

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cisco	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
cisco	advanced_malware_protection_for_endpoints	𝑥 < 1.12.4
cisco	advanced_malware_protection_for_endpoints	𝑥 < 1.12.4
cisco	clam_antivirus	𝑥 < 0.102.4
debian	debian_linux	9.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	20.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

clamav

bullseye	0.103.10+dfsg-0+deb11u1 fixed
bookworm	1.0.5+dfsg-1~deb12u1 fixed
sid	1.4.1+dfsg-1 fixed
trixie	1.4.1+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

clamav

focal	Fixed 0.102.4+dfsg-0ubuntu0.20.04.1 released
bionic	Fixed 0.102.4+dfsg-0ubuntu0.18.04.1 released
xenial	Fixed 0.102.4+dfsg-0ubuntu0.16.04.1 released
trusty	Fixed 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 released

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

https://security.gentoo.org/glsa/202007-23

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

https://usn.ubuntu.com/4435-1/